"People could download reports and even create Excel spreadsheets with all that information," he says. APCU had several pieces of its security plan in place. It was already using Compliance Commander from Intrusion to block sensitive information from escaping via email or attachments, and ZixMail from ZixCorp. to encrypt email and attachments.
"That took care of data in flight," Griffin says. "We also wanted to secure data at rest, to look on our laptops or desktops and see what important information was being housed on our PCs."
APCU signed on over the summer as a beta tester for Compliance Protector Solution. CPS lets the union classify information on users' laptops and PCs and removes data that shouldn't be there. It also uses Destiny's risk analysis reports to identify where there might be exposed privacy data.
"It looks at data on PCs, says this information has to be classified and stored on the data center server, moves it to the data center, and puts a link to it," he says. "The employee goes in the next day, doesn't know data is moved, he only seeks a link. We can get information off desktops, off laptops, and put them on a secure server here. If the laptop gets stolen it's just a link to our secure server. They would have to link back to access it. It also avoids having to encrypt PCs and laptops, because the data never resides there."
Grffin says the application lets APCU set different levels of security. "We can tell what PC a document is on, the users that have access to that information, where the information is, how it got moved," he says. "We track the whole lifecycle of the data through the Destiny console."